IntroductionFederal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules, specifies the security requirements that are to be satisfied by the cryptographic module utilized within a security system protecting sensitive information within computer and telecommunications systems (including voice systems). The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover eleven areas related to the secure design and implementation of the cryptographic module. These areas include the following:

National Institute of Standards and
Technology, Recommendation for Transitioning the Use of Cryptographic
Algorithms and Key Lengths, Special Publication 800-131A, January 2011.
Sections relevant to this Annex: 1, 5, 6, 7 and 8.